Newly Uncovered Site Suggests NSA Exploits For Direct Sale

An anonymous reader quotes a report from Motherboard: The Shadow Brokers — a hacker or group of hackers that stole computer exploits from the National Security Agency — has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers’ cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called “Are the Shadow Brokers selling NSA tools on ZeroNet?” Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as “implant,” “trojan,” and “exploit,” and comes with a price tag between 1 and 100 bitcoins ($780 — $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers’ previously signed messages.